AWS Certified Security – Specialty (SCS-C02) — Question 208

A developer is receiving AccessDenied errors when the developer invokes API calls to AWS services from a workstation. The developer previously configured environment variables and configuration files on the workstation to use multiple roles with other AWS accounts.

A security engineer needs to help the developer configure authentication. The current credentials must be evaluated without conflicting with other credentials that were previously configured on the workstation.

Where these credentials should be configured to meet this requirement?

Answer options

• A. In the local AWS CLI configuration file
• B. As environment variables on the local workstation
• C. As variables in the AWS CLI command line options
• D. In the AWS shared configuration file

Correct answer: C

Explanation

The correct answer is C because using variables in the AWS CLI command line options allows the developer to specify credentials on a per-command basis without affecting other configurations. Options A and D involve modifying configuration files that could conflict with existing credentials, while option B would also set environment variables that might interfere with previously set variables.